colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chromium,chromedriver,electron: use hash instead of sha256 everywhere

Browse Source 
this patch updates the packaging of chromium and chromedriver to use
sri hashes in `upstream-info.nix` instead of sha256 as well as
the packaging of electron to use sri hashes in `info.json` instead
of sha256 (just gn).

this patch also updates the previous `sha256` values in
`upstream-info.nix` and `info.json` to sri hashes in `hash`.
This commit is contained in:
networkException 2023-10-21 13:02:47 +02:00
parent 6e4796d619
commit e2523b4ca0
No known key found for this signature in database
GPG Key ID: E3877443AE684391
6 changed files with 42 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
pkgs/applications/networking/browsers/chromium/common.nix
View File

@ -67,16 +67,16 @@ let
]);
clangFormatPython3 = fetchurl {
url = "https://chromium.googlesource.com/chromium/tools/build/+/e77882e0dde52c2ccf33c5570929b75b4a2a2522/recipes/recipe_modules/chromium/resources/clang-format?format=TEXT";
sha256 = "0ic3hn65dimgfhakli1cyf9j3cxcqsf1qib706ihfhmlzxf7256l";
hash = "sha256-1BRxXP+0QgejAWdFHJzGrLMhk/MsRDoVdK/GVoyFg0U=";
};
# The additional attributes for creating derivations based on the chromium
# source tree.
extraAttrs = buildFun base;
githubPatch = { commit, sha256, revert ? false }: fetchpatch {
githubPatch = { commit, hash, revert ? false }: fetchpatch {
url = "https://github.com/chromium/chromium/commit/${commit}.patch";
inherit sha256 revert;
inherit hash revert;
};
mkGnFlags =
@ -118,7 +118,7 @@ let
libExecPath = "$out/libexec/${packageName}";
ungoogler = ungoogled-chromium {
inherit (upstream-info.deps.ungoogled-patches) rev sha256;
inherit (upstream-info.deps.ungoogled-patches) rev hash;
};
# There currently isn't a (much) more concise way to get a stdenv
@ -148,10 +148,10 @@ let
else throw "no chromium Rosetta Stone entry for os: ${platform.config}";
};
recompressTarball = { version, sha256 ? "" }: fetchzip {
recompressTarball = { version, hash ? "" }: fetchzip {
name = "chromium-${version}.tar.zstd";
url = "https://commondatastorage.googleapis.com/chromium-browser-official/chromium-${version}.tar.xz";
inherit sha256;
inherit hash;
nativeBuildInputs = [ zstd ];
@ -180,7 +180,7 @@ let
inherit (upstream-info) version;
inherit packageName buildType buildPath;
src = recompressTarball { inherit version; inherit (upstream-info) sha256; };
src = recompressTarball { inherit version; inherit (upstream-info) hash; };
nativeBuildInputs = [
ninja pkg-config
@ -250,7 +250,7 @@ let
(githubPatch {
# Reland [clang] Disable autoupgrading debug info in ThinLTO builds
commit = "54969766fd2029c506befc46e9ce14d67c7ed02a";
sha256 = "sha256-Vryjg8kyn3cxWg3PmSwYRG6zrHOqYWBMSdEMGiaPg6M=";
hash = "sha256-Vryjg8kyn3cxWg3PmSwYRG6zrHOqYWBMSdEMGiaPg6M=";
revert = true;
})
];

12
pkgs/applications/networking/browsers/chromium/default.nix
View File

@ -57,7 +57,7 @@ let
gnChromium = buildPackages.gn.overrideAttrs (oldAttrs: {
inherit (upstream-info.deps.gn) version;
src = fetchgit {
inherit (upstream-info.deps.gn) url rev sha256;
inherit (upstream-info.deps.gn) url rev hash;
};
});
});
@ -80,12 +80,12 @@ let
chromeSrc =
let
# Use the latest stable Chrome version if necessary:
version = if chromium.upstream-info.sha256bin64 != null
version = if chromium.upstream-info.hash_deb_amd64 != null
then chromium.upstream-info.version
else (import ./upstream-info.nix).stable.version;
sha256 = if chromium.upstream-info.sha256bin64 != null
then chromium.upstream-info.sha256bin64
else (import ./upstream-info.nix).stable.sha256bin64;
hash = if chromium.upstream-info.hash_deb_amd64 != null
then chromium.upstream-info.hash_deb_amd64
else (import ./upstream-info.nix).stable.hash_deb_amd64;
in fetchurl {
urls = map (repo: "${repo}/${pkgName}/${pkgName}_${version}-1_amd64.deb") [
"https://dl.google.com/linux/chrome/deb/pool/main/g"
@ -93,7 +93,7 @@ let
"http://mirror.pcbeta.com/google/chrome/deb/pool/main/g"
"http://repo.fdzh.org/chrome/deb/pool/main/g"
];
inherit sha256;
inherit hash;
};
mkrpath = p: "${lib.makeSearchPathOutput "lib" "lib64" p}:${lib.makeLibraryPath p}";

6
pkgs/applications/networking/browsers/chromium/ungoogled.nix
View File

@ -6,10 +6,10 @@
}:
{ rev
, sha256
, hash
}:
stdenv.mkDerivation rec {
stdenv.mkDerivation {
pname = "ungoogled-chromium";
version = rev;
@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
src = fetchFromGitHub {
owner = "ungoogled-software";
repo = "ungoogled-chromium";
inherit rev sha256;
inherit rev hash;
};
dontBuild = true;

34
pkgs/applications/networking/browsers/chromium/upstream-info.nix
View File

@ -3,63 +3,63 @@
deps = {
gn = {
rev = "811d332bd90551342c5cbd39e133aa276022d7f8";
sha256 = "0jlg3d31p346na6a3yk0x29pm6b7q03ck423n5n6mi8nv4ybwajq";
hash = "sha256-WCq+PNkWxWpssUOQyQbAZ5l6k+hg+qGMsoaMG0Ybj0o=";
url = "https://gn.googlesource.com/gn";
version = "2023-08-01";
};
};
sha256 = "0c3adrrgpnhm8g1546ask9pf17qj1sjgb950mj0rv4snxvddi75j";
sha256bin64 = "11w1di146mjb9ql30df9yk9x4b9amc6514jzyfbf09mqsrw88dvr";
hash = "sha256-spzY2u5Wk52BrKCk9aQOEp/gbppaGVLCQxXa+3JuajA=";
hash_deb_amd64 = "sha256-eTeEeNa4JuCW81+SUAyrKi3S0/TJNTAoTktWQ0JsgYc=";
version = "117.0.5938.22";
};
dev = {
deps = {
gn = {
rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";
sha256 = "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab";
hash = "sha256-SwlET5h5xtDlQvlt8wbG73ZfUWJr4hlWc+uQsBH5x9M=";
url = "https://gn.googlesource.com/gn";
version = "2023-08-10";
};
};
sha256 = "16dq27lsywrn2xlgr5g46gdv15p30sihfamli4vkv3zxzfxdjisv";
sha256bin64 = "11y09hsy7y1vg65xfilq44ffsmn15dqy80fa57psj1kin4a52v2x";
hash = "sha256-W0fZuvv9jz03ibQqB6MG45aw2zPklfxoFzZzr+kRuJk=";
hash_deb_amd64 = "sha256-XWxRFLFxBqnvKcoB5HErwVbtHCGYRteLeTv44zVMwIc=";
version = "118.0.5966.0";
};
stable = {
chromedriver = {
sha256_darwin = "0y973bs4dbdrl152bfiq5avsp6h27j3v1kwgcgxk1d0g293322xs";
sha256_darwin_aarch64 =
"04qrhr52qc9rhmslgsh2yymsix9cv32g39xbpf8576scihfdngv8";
sha256_linux = "1hy3s6j20h03ria033kfxd3rq259davvpjny4gpvznzklns71vi1";
hash_darwin = "sha256-ugsxRhIPtDD7Y4/PsIc8Apqrtyo4uiVKoLmtRvQaJ3k=";
hash_darwin_aarch64 =
"sha256-aD/bHIxMm1OQu6un8cTYLPWoq/cC6kd1hTkxLEqGGRM=";
hash_linux = "sha256-Ie5wtKXz27/vI97Ku7dqqQicR+tujgFUzANAIKTRw8M=";
version = "118.0.5993.70";
};
deps = {
gn = {
rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";
sha256 = "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab";
hash = "sha256-SwlET5h5xtDlQvlt8wbG73ZfUWJr4hlWc+uQsBH5x9M=";
url = "https://gn.googlesource.com/gn";
version = "2023-08-10";
};
};
sha256 = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";
sha256bin64 = "06rbsjh4khhl408181ns5nsdwasklb277fdjfajdv5h1j9a190k3";
hash = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";
hash_deb_amd64 = "sha256-Y4IUVJIBlt2kcrK5c8SiUyvetC3aBhQQIBTCSaDUKxs=";
version = "118.0.5993.88";
};
ungoogled-chromium = {
deps = {
gn = {
rev = "cc56a0f98bb34accd5323316e0292575ff17a5d4";
sha256 = "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab";
hash = "sha256-SwlET5h5xtDlQvlt8wbG73ZfUWJr4hlWc+uQsBH5x9M=";
url = "https://gn.googlesource.com/gn";
version = "2023-08-10";
};
ungoogled-patches = {
rev = "118.0.5993.88-1";
sha256 = "17j47d64l97ascp85h8cnfnr5wr4va3bdk95wmagqss7ym5c7zsf";
hash = "sha256-Tv/DSvVHa/xU5SXNtobaJPOSrbMMwYIu0+okSkw7RJ4=";
};
};
sha256 = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";
sha256bin64 = "06rbsjh4khhl408181ns5nsdwasklb277fdjfajdv5h1j9a190k3";
hash = "sha256-CTkw92TiRD2tkYu5a5dy8fjpR2MMOMCvcbxXhJ36Bp8=";
hash_deb_amd64 = "sha256-Y4IUVJIBlt2kcrK5c8SiUyvetC3aBhQQIBTCSaDUKxs=";
version = "118.0.5993.88";
};
}

8
pkgs/development/tools/electron/info.json
View File

@ -884,7 +884,7 @@
"version": "2023-09-12",
"url": "https://gn.googlesource.com/gn",
"rev": "991530ce394efb58fcd848195469022fa17ae126",
"sha256": "1zpbaspb2mncbsabps8n1iwzc67nhr79ndc9dnqxx1w1qfvaldg2"
"hash": "sha256-4jWqtsOBh96xbYk1m06G9hj2eQwW6buUXsxWsa5W6/4="
}
}
},
@ -1776,7 +1776,7 @@
"version": "2023-08-10",
"url": "https://gn.googlesource.com/gn",
"rev": "cc56a0f98bb34accd5323316e0292575ff17a5d4",
"sha256": "1ly7z48v147bfdb1kqkbc98myxpgqq3g6vgr8bjx1ikrk17l82ab"
"hash": "sha256-SwlET5h5xtDlQvlt8wbG73ZfUWJr4hlWc+uQsBH5x9M="
}
}
},
@ -2620,7 +2620,7 @@
"version": "2023-06-09",
"url": "https://gn.googlesource.com/gn",
"rev": "4bd1a77e67958fb7f6739bd4542641646f264e5d",
"sha256": "14h9jqspb86sl5lhh6q0kk2rwa9zcak63f8drp7kb3r4dx08vzsw"
"hash": "sha256-XP+NQG8kjzXPzQ25YaZiPymexZwAGwhpodqgdTWWCZI="
}
}
},
@ -3440,7 +3440,7 @@
"version": "2023-04-19",
"url": "https://gn.googlesource.com/gn",
"rev": "5a004f9427a050c6c393c07ddb85cba8ff3849fa",
"sha256": "01xrh9m9m6x8lz0vxwdw2mrhrvnw93zpg09hwdhqakj06agf4jjk"
"hash": "sha256-U0rinjJAToVh4zCBd/9I3O4McxW88b7Bp6ibmmqCuQc="
}
}
},

8
pkgs/development/tools/selenium/chromedriver/default.nix
View File

@ -10,17 +10,17 @@ let
allSpecs = {
x86_64-linux = {
system = "linux64";
sha256 = upstream-info.sha256_linux;
hash = upstream-info.hash_linux;
};
x86_64-darwin = {
system = "mac-x64";
sha256 = upstream-info.sha256_darwin;
hash = upstream-info.hash_darwin;
};
aarch64-darwin = {
system = "mac-arm64";
sha256 = upstream-info.sha256_darwin_aarch64;
hash = upstream-info.hash_darwin_aarch64;
};
};
@ -42,7 +42,7 @@ in stdenv.mkDerivation rec {
src = fetchurl {
url = "https://edgedl.me.gvt1.com/edgedl/chrome/chrome-for-testing/${version}/${spec.system}/chromedriver-${spec.system}.zip";
sha256 = spec.sha256;
hash = spec.hash;
};
nativeBuildInputs = [ unzip makeWrapper ];